Before the US Senate Intelligence Committee in 2017, Keith Alexander
Photograph: Getty Images General Keith Alexander, a retired US Army officer and former director of the National Security Agency (NSA) and US Cyber Command, believes that Russian ransomware perpetrators must be exposed and made to bear serious repercussions.
“At the moment, ransomware perpetrators, primarily in Russia, essentially get away with nothing. There is very little risk for them,” Alexander said last week at a lecture held at the International Cyber Policy Centre of the Australian Strategic Policy Institute.
“We must identify the perpetrators and hold them accountable.”
He remarked that although we call out cybercrime organizations like REvil and DarkSide , more needs to be done.
Consider what would happen if we indicted someone, displayed their photo, and announced, “That’s the person, and if we can, we’ll arrest you. You are unable to leave Russia. You’ll have to remain there for the remainder of your life.
In terms of cyber policy, Alexander has historically been on the hawkish side.
He repeated Dmitri Alperovitch’s 2013 categorization of cybercrime and cyber espionage as the greatest transfer of wealth in history ; presumably at that point, he forgot about the massive empires of the European colonial powers.
He now emphasizes the value of international cooperation in the fight against nation-states’ and their puppets’ cyber forces.
“We need to collectively go out in front of this,” he said, referring to all the attacks occurring in Australia, the US, and Europe as well as the theft of intellectual property.
President Xi Jinping of China issued the July 1 speech , which Alexander called “a gauntlet being set down that suggested there would be violence and bashing of skulls.” There is no telling how far China will go if the West pushes it over Taiwan or the South China Sea.
“I believe that red line needs to be drawn, and we need to work together to do it.”
He asserted that the private sector must be included in this cooperation.
A DEFENSIVE MEASURE IS NOT INCIDENT RESPONSE. “I believe that the largest issue that I encountered in government and that we are currently facing is that governments, both ours and yours, fail to recognize attacks on the private sector. But protecting the private sector is the government’s responsibility,” Alexander remarked.
How will you defend what you cannot see? A defensive strategy is not incident reaction. After everything horrible has occurred, that is.
The SolarWinds supply chain attack is a good illustration. The information was not disclosed to the government until after the incident.
“People are now pressing the government, saying, “Hey, why didn’t you know? The reason for this, according to Alexander, is that neither the government nor its agencies are able to monitor all attacks on vital infrastructure.
“We must… I’ll call it an event generator that creates a radar image of all the firms where these kinds of events are occurring and displays events that are occurring at network speed and can be anonymized and transmitted up to the cloud.
Naturally, terms like “behavioral analytics,” “expert systems,” “machine learning,” and “artificial intelligence” were frequently used in the conversation.
GETTING RID OF AVERSIONS TO SHARING DATA WITH GOVERNMENTS Since the cybers were all written in Roman numerals, this need for collaboration, partnerships, and information sharing has been mentioned at every conference. However, why doesn’t it just happen if everyone concurs that it’s a good thing
“What are we talking about sharing is the very crucial question,” said Alexander.
If you’re talking about disclosing information on current cyber occurrences, i.e., things that you already block, then doing so is “nearly worthless” because you’ve already done so.
We must divulge “all the stuff you don’t know,” according to Alexander.
That sounds to your correspondent like private sector companies will have to share a lot more raw data with governmental organizations. Information concerning threats they are not yet aware of.
Data that they might want to keep private from the authorities for a variety of reasons.
Abigail Bradshaw, the director of the Australian Cyber Security Centre (ACSC), has observed that businesses are reluctant to provide information with the organization. They occasionally go as far as lawyer up to prevent ACSC involvement in a breach probe.
Perhaps there is a stigma associated with notifying and informing the public—and hence shareholders—about a weakness, according to Bradshaw.
We’ve been quite explicit about the fact that the ACSC is not a regulator, she added.
“As a result, I find it quite uninteresting to talk about the most interesting cases when I am interviewed by the media. And I apologize to all journalists, but I will continue to support it.
IronNet, the business Alexander started after he left the NSA in 2014, has created a “collective defense platform” that “leverages advanced AI-driven network detection and response capabilities to detect and prioritize anomalous activity inside individual enterprise network environments,” so it’s no accident.
The obvious selling point is that governments could use such a private sector system to link public and private data, thus allaying some of the concerns that would surround a platform that was solely owned by the government.
The “clear separation” between the regulators and the ACSC in its role of providing cyber help and reaction, according to Bradshaw, is one of “the greatest features” of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and its architecture.
The bill should be hurried through Parliament, according to the Department of Home Affairs ( repeatedly REvil 0) However, it has been suggested that it be REvil 1 so that its more contentious features can be addressed in greater detail by the Parliamentary Joint Committee on Intelligence and Security.
NOT A MODERN JAZZ COMBO: AUKUS AND THE QUAD The newly announced AUKUS defense technology pact between Australia, the US, and the UK was also commended by Alexander.
AUKUS is primarily focused on Australia’s desire to acquire a fleet of eight nuclear-powered submarines, but other technology will also be exchanged.
Alexander predicted that “cyber is going to be enormously significant for our future.”
It’s the only place where enemies may strike both Australia and the US without having to attempt to cross the oceans. They are able to do it online, and we are quite vulnerable. So I think it’s crucial to be proactive about that.
Alexander envisions a cyber radar image that includes not only the AUKUS countries but also other allies like the Australia-India-Japan-US Quadrilateral Security Dialogue (the Quad).
Imagine if we could create—and did—a radar picture for cyber that included information about how other nations, in addition to Australia, are affected. Additionally, we may exchange real-time information about risks affecting our nations and take protective measures, he added.
The kind of thing I would say, as we move forward, is that when you start thinking about the Quad and other things, that’s where our relationship has to go.
